Dont_Worry Ransomware

The Dont_Worry Ransomware is an encryption ransomware Trojan that seems to attack Russian-speakers. The Dont_Worry Ransomware was released on April 1st, 2018, and seems to be a variant of a ransomware family that includes AMBA and the CryptoLab Ransomware. The Dont_Worry Ransomware is the third variant in this threat family to have been released at the date of writing. The Dont_Worry Ransomware and its variants all use the same ransom note, with slight differences tin the contact information and the marks used to identify the encrypted files.

What are the Consequences of a Dont_Worry Ransomware Infection

The Dont_Worry Ransomware will target the user-generated files, which may include images, videos, texts, databases and music. The Dont_Worry Ransomware will mark the files encrypted by the attack with the file extension '.wog@onionmail.info-.' The Dont_Worry Ransomware will make the files it encrypts show up as blank icons since Windows or the victim’s applications will not recognize them. The following are examples of the types of files that are targeted in attacks like the Dont_Worry Ransomware:

.3dm, .3g2, .3gp, .7zip, .aaf, .accdb, .aep, .aepx, .aet, .ai, .aif, .as, .as3, .asf, .asp, .asx, .avi, .bmp, .c, .class, .cpp, .cs, .csv, .dat, .db, .dbf, .doc, .docb, .docm, .docx, .dot, .dotm, .dotx, .dwg, .dxf, .efx, .eps, .fla, .flv, .gif, .h, .idml, .iff, .indb, .indd, .indl, .indt, .inx, .jar, .java, .jpeg, .jpg, .js, .m3u, .m3u8, .m4u, .max, .mdb, .mid, .mkv, .mov, .mp3, .mp4, .mpa, .mpeg, .mpg, .msg, .pdb, .pdf, .php, .plb, .pmd, .png, .pot, .potm, .potx, .ppam, .ppj, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .prel, .prproj, .ps, .psd, .py, .ra, .rar, .raw, .rb, .rtf, .sdf, .sdf, .ses, .sldm, .sldx, .sql, .svg, .swf, .tif, .txt, .vcf, .vob, .wav, .wma, .wmv, .wpd, .wps, .xla, .xlam, .xll, .xlm, .xls, .xlsb, .xlsm, .xlsx, .xlt, .xltm, .xltx, .xlw, .xml, .xqx, .xqx, .zip.

Attacks like the Dont_Worry Ransomware tend to avoid the Windows system files or executable files since they depend on the victim still being able to use Windows and their Web browsers to carry out the payments.

The Dont_Worry Ransomware’s Ransom Note

The different threats in the Dont_Worry Ransomware's family use the same ransom notes with different names. The Dont_Worry Ransomware delivers its ransom note in a text file named 'Dont_Worry.txt' that is dropped in various locations on the infected computer, including the Startup folder. The text for the Dont_Worry Ransomware's ransom note reads as follows:

'Вся Ваша информация на этом компьютере была зашифрована.
Для расшифровки обратитесь по нижеуказанным контактам.
------------------------------------------------------------
e-mail: wog@onionmail.info
Ваш код для разблокировки: [RANDOM NUMBER]
-----------------------------------
Если Вам приходит ответ, что почтовый адрес не существует:
1. Вам не повезло. Адрес заблокировали.
---------
Все инструкции вы получите в ответном письме.'

Below is a translation into English of the Dont_Worry Ransomware's ransom note:

'All your information on this computer has been encrypted.
To decrypt refer to the contacts listed below.
------------------------------------------------------------
e-mail: wog@onionmail.info
Your code for unlocking: [RANDOM NUMBER]
-----------------------------------
If you receive an answer that the mailing address does not exist:
1. You are unlucky. The address was blocked.
---------
You will receive all instructions in the reply letter.'

Protecting Your Data from the Dont_Worry Ransomware

Ransomware Trojans like the Dont_Worry Ransomware can be removed with the help of a malware removal program that is fully up-to-date. However, the files encrypted by the attack will not be recoverable without the decryption key, which the cybercrooks hold in their possession. Malware researchers, as always, are against payments to these threats, though, since it is very unlikely that the cybercrooks will help victims recover their files. Instead, computer users should use backup copies of their files to restore any data lost in the attack. In fact, having backup copies of your files on secured places is the single most effective measure that computer users can take to ensure that their data is safe from threats like the Dont_Worry Ransomware, which rely on taking the victims' data hostage through the use of encryption algorithms.

SpyHunter Detects & Remove Dont_Worry Ransomware